public ISource CreateInstance(string entry, IPlugInContext context) { var config = context.Configuration; if (!OperatingSystem.IsWindows()) { throw new PlatformNotSupportedException($"Source type '{entry}' is only supported on Windows"); } switch (entry.ToLowerInvariant()) { case WINDOWS_EVENT_LOG_POLLING_SOURCE: var pollingOptions = new WindowsEventLogPollingSourceOptions(); ParseWindowsEventLogSourceOptions(config, pollingOptions); ParseEventLogPollingSourceOptions(config, pollingOptions); var weps = new WindowsEventPollingSource(config[ConfigConstants.ID], config["LogName"], config["Query"], context.BookmarkManager, pollingOptions, context); return(weps); case WINDOWS_EVENT_LOG_SOURCE: var eventOpts = new WindowsEventLogSourceOptions(); ParseWindowsEventLogSourceOptions(config, eventOpts); var source = new EventLogSource(config[ConfigConstants.ID], config["LogName"], config["Query"], context.BookmarkManager, eventOpts, context); return(source); case WINDOWS_PERFORMANCE_COUNTER_SOURCE: var performanceCounterSource = new PerformanceCounterSource(context); return(performanceCounterSource); case WINDOWS_ETW_EVENT_SOURCE: var providerName = config["ProviderName"]; var traceLevelString = DefaultMissingConfig(config["TraceLevel"], "Verbose"); var matchAnyKeywordString = DefaultMissingConfig(config["MatchAnyKeyword"], ulong.MaxValue.ToString()); if (string.IsNullOrWhiteSpace(providerName)) { throw new Exception($"A provider name must be specified for the WindowsEtwEventSource."); } TraceEventLevel traceLevel; ulong matchAnyKeyword; if (!Enum.TryParse <TraceEventLevel>(traceLevelString, out traceLevel)) { var validNames = string.Join(", ", Enum.GetNames(typeof(TraceEventLevel))); throw new Exception($"{traceLevelString} is not a valid trace level value ({validNames}) for the WindowsEtwEventSource."); } matchAnyKeyword = ParseMatchAnyKeyword(matchAnyKeywordString); var eventSource = new EtwEventSource(providerName, traceLevel, matchAnyKeyword, context); return(eventSource); default: throw new Exception($"Source type {entry} not recognized."); } }
public WindowsEventPollingSource(string id, string logName, string query, IBookmarkManager bookmarkManager, WindowsEventLogPollingSourceOptions options, IPlugInContext context) : base(id, logName, query, bookmarkManager, context) { _options = options; InitialPosition = options.InitialPosition; InitialPositionTimestamp = options.InitialPositionTimestamp; }
private void ParseEventLogPollingSourceOptions(IConfiguration config, WindowsEventLogPollingSourceOptions options) { if (int.TryParse(config["MaxReaderDelayMs"], out var maxReaderDelayMs)) { options.MaxReaderDelayMs = maxReaderDelayMs; } if (int.TryParse(config["MinReaderDelayMs"], out var minReaderDelayMs)) { options.MinReaderDelayMs = minReaderDelayMs; } if (int.TryParse(config["DelayThreshold"], out var delayThreshold)) { options.DelayThreshold = delayThreshold; } }